
FUSION Ransomware

Posted: November 11, 2020

The FUSION Ransomware is a file-locking Trojan that's part of the NEFILIM Ransomware family. The FUSION Ransomware targets companies with non-secure Windows systems and blocks their files by encrypting them. Attackers may also collect data to leak to the public. Users should maintain backups for recovering any data and use common-sense security guidelines and anti-malware tools for blocking or removing the FUSION Ransomware.

The Giant Wakes Up with a Bang

The Hebrew NEFILIM Ransomware family got its start with a Russian threat actor. Still, the group shows semi-regular interest in attacking targets in other regions, such as Germany's Dussmann Group. In doing so, the variants include more dangers than are typical for a file-locking Trojan. This warning also applies to the FUSION Ransomware, one of the latest updates.

The FUSION Ransomware joins the MERIN Ransomware, the TRAPGET Ransomware, the TELEGRAM Ransomware, and the OFFWHITE Ransomware as examples in the wild for 2020. The threat actor usually compromises the target Windows systems through phishing lures, brute-forcing credentials, or other strategies appropriate for enterprise-grade companies. As usual, the FUSION Ransomware, like its cohorts, rapidly proceeds with blocking media files with secure encryption, giving them custom extensions that reference its campaign, and dropping text notes with the threat actor's e-mail addresses and ransom warnings.

The FUSION Ransomware's campaign has an additional attack up its sleeve, though. Although the FUSION Ransomware doesn't possess direct file-exfiltrating capabilities, malware experts see most NEFILIM Ransomware campaigns engaging in data-collecting activities for blackmail. The FUSION Ransomware even has a dedicated website for the purpose, which further penalizes any victims who don't pay the ransom by showing their servers' contents to the world.

Taking the Money Out of a Black Hat Business

The FUSION Ransomware is explicitly a money-making endeavor, although victims who pay aren't guaranteed recovery of any lost or blocked files. Backups that aren't available for deletion or encryption are the best solution to file-locking Trojan infections in almost all situations. However, Restore Points are usually inadequate because most attackers delete them, either through remote administrative actions or command-line features in the Trojan.

Furthermore, malware experts recommend various steps for limiting the FUSION Ransomware's distribution, as follows:

  • Administrators should avoid passwords that attackers could brute-force (credentials that are simple or generic).
  • Workers should be careful when interacting with e-mail and text message attachments or links.
  • All software should be kept as up-to-date as possible, since out-of-date programs are subject to vulnerabilities that are often known to the public.
  • Web browsers should have risky features like JavaScript and Flash turned off unless they're necessary for a trusted website.

Malware analysts also verify that the FUSION Ransomware is one of the few Trojans that use valid digital signatures, an expensive form of obfuscation. Despite this improvement, most anti-malware programs will flag the FUSION Ransomware as a threat and remove it automatically.

The FUSION Ransomware plays an expensive game with corporate entities, exchanging servers' worth of data for ransoms, and its deployment and programming are appropriately competent. Companies that put their PC security standards on a back burner will suffer all the more from Trojans of this stripe, no matter how cliché the payload is.
